This Will Be the Year of the SBOM, for Better or for Worse

Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.